Confidentiality is at the centre of maintaining trust between patients and doctors. As a doctor, you have access to sensitive personal information about patients and you have a legal and ethical duty to keep this information confidential, unless the patient consents to the disclosure, disclosure is required by law or is necessary in the public interest. This factsheet sets out the basic principles of confidentiality.
Data relating to an identifiable individual should be held securely. There is a range of official guidance on confidentiality that has been produced by various Medical Councils across the Caribbean region. The most extensive is referenced below. The Medical Council of Jamaica says you must “respect a patient’s privacy, and maintain confidentiality and safety of his/her medical records”, while also making “appropriate referrals in a confidential manner, in order to provide the best care possible for the patient”.
The Bahamas Medical Council has detailed guidance on confidentiality, which can be summarised in the statement: “It is a doctor’s duty…strictly to observe the rule of professional secrecy by refraining from disclosing voluntarily to any third party information about a patient which he has learned directly or indirectly in his professional capacity as a registered medical practitioner.”
The Guyana Medical Council states: “Unless otherwise required by law or by the need to protect the welfare of the individual or the public interest, a medical practitioner shall not divulge confidential information in respect of a patient.”
The St Vincent and the Grenadines Medical Association says in its guidance: “Keep confidential all individual medical information, releasing such information only when required by law or overriding public health consideration, or to other physicians according to accepted medical practice, or to others at the request of the individual.”
You should take care to avoid unintentional disclosure – for example, by ensuring that any consultations with patients cannot be overheard. Your duty of confidentiality relates to all information you hold about your patients, including demographic data, the dates and times of any appointments your patients may have made, and the fact that an individual may be a patient of yours or registered with your practice.
When disclosing information in any of the situations outlined below, you should ensure that the disclosure is proportional – anonymised if possible – and includes only the minimum information necessary for the purpose.
Consent to disclosure
Before disclosing any information about a patient to a third party, you should seek the patient’s consent to the disclosure. Consent may be implied or express, eg, most patients understand that information about their health needs to be shared within the healthcare team providing care, and so implied consent is adequate in this circumstance.
Implied consent is also acceptable for the purposes of clinical audit within the healthcare team, as long as patients have been made aware of the possibility by notices in the waiting room, for example, and the patient has not objected to having their information used in this way. If the patient does object, their objection should be respected and their data should not be used for audit purposes.
Express consent is needed if patient-identifiable data is to be disclosed for any other purpose, except if the disclosure is required by law or is necessary in the public interest.
In order for consent to disclosure to be valid, the patient needs to be competent to give consent, and provided with full information about the extent of the disclosure. Adult patients are assumed to be competent, unless you have specific reason to doubt this. When taking consent for disclosure of information about a patient, you should ensure the patient is aware of what data will be disclosed, and to whom.
You must take care to avoid coercion, where a patient feels they cannot say “no” to a proposed treatment, or that they cannot challenge your assumption that they would have no objections. You should check that the patient has no apprehensions before proceeding, because “consent” that is not given freely is not valid.
Disclosure without consent
In some circumstances, you are obliged to disclose information to comply with the law or to prevent serious harm to the patient or others. In such cases, you should disclose the information – even if you do not have the patient’s consent. You must carefully consider the arguments for and against the disclosure and be able to justify your decision.
It would be sensible to seek advice from experienced colleagues, your medical defence organisation, a professional association or an ethics committee. For more information on disclosures without consent, see the Medical Protection factsheet Confidentiality – disclosures without consent.
After a patient has died
Your duty of confidentiality to your patient remains after death. In some situations, such as a complaint arising after a patient’s death, you should discuss relevant information with the family, especially if the patient was a child. If you reasonably believe that the patient wished that specific information should remain confidential after their death, or if the patient has asked, you should usually respect that wish.
If you are unaware of any instructions from the patient, and are considering disclosing information, you should be sensitive to the patient’s surviving partner or relatives. You should take into account whether such a disclosure is likely to cause them distress or be of benefit; you should also consider whether the information will also release details of members of the patient’s family, or anyone else. Overall you should consider the purpose of the disclosure and check whether the information can be anonymised or coded before disclosure.
The “personal representative” of the patient (usually an executor of the will, or an administrator if there is no will) can apply for access to the relevant part of a patient’s medical records (excepting harmful or third party information), as can someone who has a claim arising out of the patient’s death (eg. for a life assurance claim), or a claim in negligence.